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A MULT I -PROCESS DE SCRAMBLER 
CROSS-REFERENCE TO RELATED APPLICATIONS 



This application is a divisional of U.S. Application 
No. 10/388,002 filed March 12, 2003, which claims the 
benefit of priority on U.S. Provisional Application No. 
5 60/424,381 filed on November 5, 2002. 

BACKGROUND 

1. Field 

Embodiments of the invention relate to digital 
devices . More specifically, one embodiment of the 
10 invention relates to a system, apparatus and method for 
descrambling digital content in digital devices such as 
set -top boxes . 

2 . General Background 

Analog communication systems are rapidly giving way 
15 to their digital counterparts. Digital television is 

currently scheduled to be available nationally. High- 
definition television (HDTV) broadcasts have already begun 
in most major cities on a limited basis. Similarly, the 
explosive growth of the Internet and the World Wide Web 
2 0 have resulted in a correlative growth in the increase of 
downloadable audio-visual files , such as MP3 - formatted 
audio files, as well as other content. 

Simultaneously with, and in part due to this rapid 
move to digital communications system, there have been 
25 significant advances in digital recording devices. 

Digital versatile disk (DVD) recorders, digital VHS video 
cassette recorders (D-VHS VCR), CD-ROM recorders (e.g., 
CD-R and CD-RW) , MP3 recording devices, and hard disk- 
based recording units are but merely representative of the 
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digital recording devices that are capable of producing 
high quality recordings and copies thereof, without the 
generational degradation (i.e., increased degradation 
between successive copies) known in the analog 
5 counterparts. The combination of movement towards digital 
communication systems and digital recording devices poses 
a concern to content providers such as the motion picture 
and music industries, who are reluctant in providing 
downloadable digital content due to fears of unauthorized 
10 and uncontrolled copying such digital content. 

In response, there is a movement to require service 
providers, such as terrestrial broadcast, cable and direct 
broadcast satellite (DBS) companies, and companies having 
Internet sites which provide downloadable content, to 

15 introduce copy protection schemes. These copy protection 
schemes may extend beyond the role of conditional access 
(CA) , merely descrambling content to a CA-clear format for 
real-time viewing and/or listening, and now include 
constraints and conditions on the recording and playback. 

20 For example, currently, copying of scrambled content for 
subsequent descrambling and viewing or listening may be 
permitted with the appropriate service/content provider 
authorization or key provided to the digital device. 

Traditional CA systems for Pay-TV originated from 
25 one-way broadcast systems where a back channel was not 
available. A cryptographic processor, such as a smart 
card, in a conditional access unit, such as a set-top box, 
is generally infused with information and functionality in 
order to automatically grant access to programs. For 
3 0 example, a smart card with a Pay-TV access control 

application is adapted to receive messages that grant 
certain service entitlements. If the set-top box was 
allowed to view IPPV programs, then credit and cost limit 
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information was transmitted as well. Likewise, when 
tuning to a program, the smart card received messages that 
described which entitlements the smart card needed in 
order to grant access to the program. 

5 Currently, hackers have manipulated both types of 

messages in order to view programs without paying the 
requisite subscription fees. Not only can these messages 
be manipulated, but the hardware can be attacked as well. 
For instance, descrambling keys in the clear that are used 
10 to descramble scrambled content can be copied and sent to 
other set-top boxes over the Internet. Such hacking is 
costly to both service providers as well as the content 
owners . 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Embodiments of the invention are illustrated by way 
of example and not by way of limitation in the 
accompanying drawings, in which like references indicate 
5 similar elements and in which: 

Figure 1 is an exemplary embodiment of an content 
delivery system including a digital device; 

Figure 2 is a first exemplary embodiment of a secure 
content delivery system that comprises the conditional 
10 access unit adapted to operate with a smart card; 

Figure 3 is an exemplary embodiment of a method for 
securely transferring descrambling keys from the smart 
card to the conditional access unit of Figure 2 ; 

Figure 4 is a second exemplary embodiment of a secure 
15 content delivery system that comprises a decoder adapted 
to a headend via a network connection; 

Figure 5 is a more detailed illustration of the 
decoder adapted to the headend of Figure 4 ; 

Figure 6A is a third exemplary embodiment of a secure 
20 content delivery system; 

Figure 6B is an exemplary embodiment of a data 
structure forming the mating key generator transmitted 
through a secure content delivery system; 

Figure 6C is an exemplary embodiment of an 
25 entitlement management message (EMM) routed to a set-top 
box of the system of Figure 6A; 

Figure 7 is a first exemplary embodiment of a 
descrambler IC implemented within the decoder of the set- 
top box of the system of Figure 6A; 
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Figure 8 is a fourth exemplary embodiment of a secure 
content delivery system; 

Figure 9A is a fifth exemplary embodiment of a secure 
content delivery system; 

5 Figure 9B is an exemplary embodiment of an 

entitlement management message (EMM) routed to a set -top 
box of the system of Figure 9A; 

Figure 9C is an exemplary embodiment of meta-data 
associated with an electronic program guide (EPG) routed 
10 to the set-top box of the system of Figure 9A; 

Figure 10 is a first exemplary embodiment of the 
descrambler IC implemented within the set -top box of 
Figure 9A; 

Figure 11 is a portion of a sixth exemplary 
15 embodiment of a secure content delivery system; 

Figure 12 is an exemplary embodiment of a portion of 
a seventh exemplary embodiment of a secure content 
delivery system in which the digital device is adapted 
with copy protection functionality; 

2 0 Figure 13 is an exemplary embodiment of the decoder 

implemented within the digital device of Figure 12; and 

Figure 14 is an exemplary embodiment of a data 
structure forming the copy protection key generator of 
Figure 12 . 



25 
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DETAILED DESCRIPTION 

Various embodiments of the invention relate to an 
apparatus, system and method for protecting the transfer 
of data. In one embodiment, such protection involves the 
5 descrambling and/or decrypting of digital content from one 
or more service providers within the digital devices 
themselves. Examples of a "service provider" include, but 
are not limited to a terrestrial broadcaster, cable 
operator, direct broadcast satellite (DBS) company, a 
10 company providing content for download via the Internet, 
or any similar sources of content. 

In the following description, certain terminology is 
used to describe features of the invention. For instance, 
the terms "component" or "logic" are each representative 

15 of hardware and/or software configured to perform one or 
more functions. Examples of "hardware" include, but are 
not limited or restricted to an integrated circuit such as 
a processor (e.g., microprocessor, application specific 
integrated circuit, a digital signal processor, a micro- 

20 controller, etc.), finite state machine, combinatorial 
logic or the like. The term "process block" represents 
hardware and/or software having a dedicated function, such 
as a finite state machine for example. 

An example of "software" includes a series of 
25 executable instructions in the form of an application, an 
applet, or even a routine. The software may be stored in 
any type of machine readable medium such as a programmable 
electronic circuit, a semiconductor memory device such as 
volatile memory (e.g., random access memory, etc.) and/or 
30 non-volatile memory (e.g., any type of read-only memory 
"ROM", flash memory), a floppy diskette, an optical disk 
(e.g., compact disk or digital video disc "DVD"), a hard 
drive disk, tape, or the like. 
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Referring to Figure 1, an exemplary embodiment of a 
content delivery system 100 is shown. Content delivery 
system 100 includes a digital device 110 that receives 
information including program data from one or more 
5 service providers. The program data may be propagated as 
a digital bit stream for example. Digital device 110 may 
operate as any number of products such as a set -top box or 
one or more components integrated into a television, 
computer, audio-playback device (e.g., digital radio), 
10 audio-recording device (e.g., MP3 player), video-recording 
device (e.g., digital recorder), or the like. 

For instance, digital device 110 may be configured in 
accordance with an embedded architecture, a split security 
architecture, or an external security architecture. As an 
15 embedded architecture, in one embodiment, digital device 
110 is implemented as a set-top box that comprises fixed, 
internal circuitry supporting both entitlement management 
and descrambling operations. 

Alternatively, in accordance with a split security 

2 0 architecture embodiment, digital device 110 may be adapted 

to receive a removable smart card that handles entitlement 
management, while descrambling of digital content is 
controlled by internal circuitry. 

Yet, in accordance with an external security 
25 embodiment, digital device 110 may be a "point-of- 

deployment" product with a network card handling both 
entitlement management and descrambling operations by 
sending and receiving messages over an Out -of -Band 
channel. Of course, external security type may also be 

3 0 split so that the network card handles descrambling 

operations, but adapted to communicate with a smart card 
for handling entitlement management. These and other 
embodiments of digital device 110 may be implemented while 
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still falling within the spirit and scope of the 
invention . 

Digital device 110 comprises a receiver 111, which 
processes the incoming information, extracts the program 
5 data inclusive of the digital content therefrom, and 
provides the digital content in a perceivable format 
(e.g., viewable and/or audible). The "program data" 
comprises any or all of the following: system 
information, entitlement control message (s), entitlement 
10 management message (s), or digital content. The "digital 
content" in the program data stream may include an image, 
audio, video or any combination thereof. The content may 
be in a scrambled or clear format. 

Herein, "system information" may include information 
15 on program names, time of broadcast, source, and a method 
of retrieval and decoding, and well as copy management 
commands that provide digital receivers and other devices 
with information that will control how and when the 
digital content may be replayed, retransmitted and/or 

2 0 recorded. These copy management commands may also be 

transmitted along with an entitlement control message 
(ECM) , which is generally used to regulate access to a 
particular channel or service. An "Entitlement Management 
Message" (EMM) may be used to deliver entitlements 
25 (sometimes referred to as "privileges") to digital 
receiver 111. Examples of certain entitlements may 
include, but are not limited to access rights or 
descrambling keys. A descrambling key is generally a code 
that is required by descrambler logic to recover data in 

3 0 the clear from a scrambled format based on the 

ent i 1 1 ement s granted . 

As shown, when implemented as a set -top box, digital 
device 110 may be coupled to other components in content 



080398P558D -9- Sony IPD No. 50S5303.02 

delivery system 100 via a transmission medium 120. The 
transmission medium 12 0 operates to transmit program data 
between digital device 110 and other components in content 
delivery system 100. The transmission medium 120 may 
5 include, but is not limited to electrical wires, optical 
fiber, cable, a wireless link established by wireless 
signaling circuitry, or the like. 

Depending on the type of product corresponding to the 
digital device 110, content delivery system 100 may 
10 include an audio system 13 0 coupled to the transmission 
medium 12 0. A digital VCR 14 0, such as a D-VHS VCR, may 
also be coupled to the digital device 110 and other 
components of the content delivery system 10 0 through the 
transmission medium 120. 

15 A hard disk recording unit 150 may also be coupled to 

digital device 110 and other components via transmission 
medium 120. Display 160 may include a high definition 
television display, a monitor, or another device capable 
of processing digital video signals. Finally, a control 

20 unit 170 may be coupled to the transmission medium 120. 

Control unit 170 may be used to coordinate and control the 
operation of some or each of the components on content 
delivery system 100. 

The digital content of the program data may be 
25 transmitted in scrambled form. In one embodiment, as part 
of the program data, access requirements may be 
transmitted along with the scrambled content to digital 
device 110 (e.g., set-top box) that is implemented with 
receiver 111 thereby functioning as a conditional access 
30 unit. An "access requirement" is a restrictive parameter 
used to determine if digital device 110 implemented with 
conditional access functionality, hereinafter referred to 
herein as the "conditional access unit 110," is authorized 
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to descramble the scrambled content for viewing or 
listening purposes. For example, the access requirement 
may be a key needed to perceive (view and/or listen to) 
the content, a service tag associated with a given service 
5 provider, or even a particular descrambling software code. 

When a scrambled program is received by conditional 
access unit 110, the access requirements for the program 
are compared to the entitlements that the conditional 
access unit 110 actually has. In order for the 

10 conditional access unit 110 to display the scrambled 
content in clear form, in one embodiment, the access 
requirements associated with the digital content are 
compared to the entitlements of the conditional access 
unit 110. The entitlements may state that conditional 

15 access unit 110 is entitled to view/playback content from 
a given content provider such as Home Box Office (HBO) , 
for example. The entitlements may also include one or 
more keys needed to descramble the digital content . The 
entitlements also may define the time periods for which 

20 conditional access unit 110 may descramble the digital 
content . 

Thus, in one embodiment, access requirements and 
entitlements form a part of the access control system to 
determine whether a conditional access unit or even a 

25 decoder is authorized to view a particular program. It is 
contemplated that the description below focuses on 
mechanisms to recover audio/visual content such as 
television broadcasts, purchased movies and the like. 
However, it is contemplated that the invention is also 

30 applicable to the descrambling of audible content only 
(e.g., digitized music files). 

The access requirements and entitlements can provide 
consumers with a variety of choices for paying for the 
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content and gaining access to the scrambled content. 
These choices may include pay per play (PPP) , pay per view 
(PPV) , impulse pay per view (IPPV) , time based historical, 
pay per time (PPT) . "Impulse pay per view" is a feature 
5 which allows purchase of PPV movies through credit that 
has been previously downloaded into the set -top box. 
Purchase records may be stored and forwarded by phone to a 
billing center. "Time based historical" allows access to 
content that was delivered during a past time period, such 
10 as March through December, 1997, for example. The access 
requirements and entitlements can also provide consumers 
with different options for storing the scrambled content. 

The access requirements may be delivered to the 
conditional access unit, located within digital device 110 

15 or coupled thereto over transmission medium 12 0, using 
packet identifiers (PIDs) . Each PID may contain the 
access requirements associated with a given service. The 
content that is delivered to the conditional access unit 
may also include a large number of PIDs, thus enabling 

2 0 special revenue features, technical features, or other 
special features to be performed locally. 

Before receiving the content, the customer may be 
given a number of choices for gaining access to the 
digital content that is going to be stored to media. The 
25 customer may be required to purchase the right to access 

and view the content. Therefore, if the customer wants to 
record the content for later retrieval and viewing, the 
access requirements that the customer bought also need to 
be stored with the digital content. 

30 In addition, there may be copy-protection applied to 

the descrambled digital content (e.g., transport stream) 
as shown in Figures 12 and 13 . Copy-protected digital 
content will be re-scrambled across an interface 
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interconnecting a destination interface and a source. The 
source and destination interface need to agree on the key 
used to re-encrypt this content. This copy protection key 
can be encrypted with the unique key associated with the 
5 digital device. The unique key can be received through an 
EMM or other method, e.g. factory load procedure. 

As seen in Figure 2, a first exemplary embodiment of 
a secure content delivery system that comprises a 
conditional access unit 201 adapted to operate with a 

10 smart card interface 220 is shown. This embodiment is 
consistent with a split security architecture and an 
external security architecture. In a split security 
architecture implementation, digital device 110 operates 
as a conditional access unit 201 (e.g., equivalent to 

15 conditional access unit 110 of Figure 1) , but is 

implemented as a set -top box or other type of digital 
device . 

Although smart card interface 22 0 may be built into 
digital receiver 111, it is expected that digital receiver 

20 111 will have an expansion slot, such as a PCMCIA slot or 
Universal Serial Bus (USB) slot for example, to receive a 
card 210 complementary to interface 220. For this 
embodiment, digital receiver 111 comprises an optional 
processor 230 and a descrambler integrated circuit (IC) 

25 240. 

Smart card interface 22 0 is adapted for attachment to 
smart card 210, which stores one or more encrypted 
descrambling keys for descrambling incoming digital 
content. Smart card 210 transmits the descrambling key(s) 
30 in encrypted form to smart card interface 220. In order 
to protect the descrambling key(s), generally referred to 
as "DK, " from being improperly extracted by an interloper 
monitoring communications between smart card 210 and smart 
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card interface 220, smart card 210 may use an encryption 
key unique to conditional access unit 201 to encrypt the 
DK. This allows conditional access unit 201 to decrypt 
the DK in a secure manner and use the DK in a clear format 
5 to descramble the digital content . 

More specifically, according to one embodiment of the 
invention, an external cryptographic processor 215 of 
smart card 210, receives the DK needed to descramble 
content. A storage element 212 (e.g., volatile or non- 
10 volatile memory) is previously loaded with one or more 

keys for encrypting the DK. Such loading may be performed 
during manufacture of smart card 210, during manufacture 
of storage element 212 or by cryptographic processor 215 
when storage element 212 is on-chip. Encryption logic 214 
15 of smart card 210 encrypts the DK with the one or more 
keys that are unique to descrambler IC 240. 

For this embodiment, smart card 210 delivers the 
encrypted DK 216 to descrambler IC 240. Herein, processor 
230 receives encrypted DK 216 through interface 220, 
2 0 although encrypted DK 216 may be sent directly to 

decryption logic 260. Processor 230 may be implemented to 
perform additional operations to counteract additional 
obfuscation techniques performed on the DK. 

Decryption logic 260 of the descrambler IC 240 will 
2 5 decrypt the DK using one or more unique keys stored in a 
storage element 250. In one embodiment, storage element 
250 comprises one or more key registers loaded at 
manufacturer or after implemented within conditional 
access unit 2 01 through initial program data transmitted 
30 to conditional access unit 201. Decryption logic 260 then 
writes the decrypted DK alternately into ODD and EVEN key 
storage elements (not shown) of descrambler logic 270. 
Descrambler logic 270 then applies the ODD/EVEN DK to the 
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incoming scrambled content 280 at the right time and 
outputs descrambled program content 290. Of course, 
alternatives to the loading of ODD and EVEN key storage 
elements may be utilized for descrambling of incoming 
5 scrambled content 280. 

Thus, the transfer of the descrambling key from smart 
card 210 to conditional access unit 201 is secure, because 
the descrambling key is transferred in encrypted form. 
The descrambling key remains secure in conditional access 
10 unit 201 because the descrambling key is not decrypted by 
non-secure processor 230. The descrambling key is only 
decrypted in descrambler IC 240 that actually uses the 
descrambling key, and thus, the descrambling key is never 
exposed in the clear, and cannot be obtained by hackers. 

15 Furthermore, the key used to decrypt the encrypted DK 

216 is stored in hardware (e.g., storage element 250) of 
descrambler IC 240. Storage element 250 cannot be hacked 
unless the silicon of storage element 250 is probed. 
Furthermore, the key may only be valid for one particular 

20 conditional access unit 201, and may not be used by other 
units to decrypt the encrypted DK 216, because the DK is 
encrypted by smart card 210 using a key that is unique to 
an associated conditional access unit 201. Therefore, the 
transmission of the encrypted DK 216 to conditional access 

2 5 unit 2 01 is secure . 

Descrambler IC 240 handles the secure processing of 
the descrambling keys. This descrambler IC 240 has no 
CPU, no firmware, and no software. There is no 
complicated key hierarchy. A non-processor based 
30 descrambler IC 240 receives encrypted DK 216, applies a 
unique key to it, and decrypts it. No instructions, no 
code, and no software is loaded into decryption logic 260. 
The decryption is performed entirely by decryption logic 
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260 being a hardware circuit or state machine using only a 
single key function. 

One or more unique keys, generally referred to herein 
as "Unique Key," may be programmed into storage element 
5 2 50 during manufacture or during implementation within a 
set- top box, television, or NRSS-B module. For example, 
in one embodiment, descrambler IC 24 0 is implemented with 
a programmable non-volatile storage element 250 such as 
flash. In another embodiment, descrambler IC 24 0 is 

10 implemented with non- programmable , non-volatile memory 
that can be written only once in order to enhance 
security. As a result, there is no way to either 
improperly read or overwrite the Unique Key that is 
originally loaded into storage element 250. An 

15 association between the serial number of conditional 

access unit 2 01 and the Unique Key loaded into descrambler 
IC 240 of the conditional access unit 201 may be recorded. 

When conditional access unit 201 is manufactured and 
a smart card 210 is installed, smart card 210 can receive 

20 the Unique Key associated with conditional access unit 201 
at the time of pairing. From then on, smart card 210 is 
"paired" to that particular host (e.g., conditional access 
unit 201) . Later, if smart card 210 is ever replaced or 
moved to a new host, smart card 210 may be adapted to 

25 receive a unique key associated with the new host via an 
Entitlement Management Message (EMM) . Of course, as an 
alternative, a new smart card with a newly programmed 
unique key may also be delivered to the user. 

An exemplary method for transferring a descrambling 
30 key from smart card 210 to conditional access unit 201 of 
Figure 2 is shown in Figure 3. A descrambling key is 
encrypted in the smart card using a key stored in non- 
volatile memory of the smart card (block 300) . This key 
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("Unique Key") stored in the smart card is associated with 
the key stored in the storage element of the descrambler 
IC. The encrypted descrambling key is received from the 
smart card (block 310) . 

5 This method includes receiving a digital bitstream 

including program data in a descrambler IC, where the 
program data includes system information and scrambled 
digital content (block 320) . The encrypted descrambling 
key is decrypted using a key stored in a storage element 
10 of the descrambler IC (block 330) . The scrambled digital 
content is descrambled in the descrambler IC using the 
decrypted descrambling key (block 340) , and the 
descrambled digital content is output (block 350) . 

As an alternative embodiment to the conditional 
15 access unit implementation of Figure 2, the smart card may 
be replaced by a headend server ("headend' 7 ) 410 of a one- 
way or two-way network 420 as shown in Figure 4. Headend 
410 maintains the access rights for the digital device 
operating as a decoder (referred to as "decoder 401"), 
2 0 instead of maintaining such access rights in a local 

cryptographic processor 215 of smart card 210 of Figure 2. 

Headend 410 can deliver one or more service keys 
(generally referred to as "Service Key") based on the 
Unique Key stored in Descrambler IC 440. The encrypted 

2 5 Service Key may be stored locally in decoder 4 01 to 

facilitate transitions from one channel to another. The 
Service Key are stored in encrypted form, and is loaded as 
needed into Descrambler IC 440. The Service Key is 
decrypted within Descrambler IC 440, by using the Unique 

30 Key stored in a storage element 450 of Descrambler IC 440. 

In one embodiment of the invention, the Service Key 
is used as a descrambling key to descramble the content 
directly. In another embodiment of the invention, the 
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Service Key is used to decrypt one or more descrambling 
keys, which are received in-band with the scrambled 
content and subsequently used for descrambling purposes. 
Each service key may be encrypted using different public 
5 and proprietary encryption algorithms. These different 
proprietary algorithms may be considered as ant i -piracy 
measures to invalidate clone hardware. 

Headend 410 can deliver the Service Key on a channel 
or "tier of service" basis in the EMMs . The service keys 

10 are encrypted, stored locally in decoder 401, and used by 
a processor 43 0 as needed when tuning to different 
channels. While this embodiment works in one-way (non- 
IPPV) broadcast networks, it also performs in two-way, 
interactive networks, where the Service Key for a 

15 particular service is requested, such as IPPV or VOD 

purchases or any other non-subscription service. A return 
channel 421 is used to request the Service Key because the 
ability to grant access to a new service is performed by 
headend 410 instead of a local controlling cryptographic 

2 0 processor. 

In order to avoid overload problems at headend 410 
caused by a large number of simultaneous impulse buys of 
IPPV programs, a Free Preview period can be determined and 
IPPV programs can be marketed in advance of the actual 
25 viewing. In this embodiment, service keys for individual 
shows or movies may be requested by decoder 4 01 and 
delivered ahead of time. For example, interactive 
networks, such as a cable system having return channel 421 
such as a DOCSIS modem or Out -of -Band transmitter/receiver 

3 0 for example, can deliver a Request for Program Key (RPK) 

message from decoder 401 to headend 410. Alternatively, 
decoder 401 may request the Service Key in real-time for 
each program accessed. 
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A controller (not shown) on headend 410 processes the 
RPK message. The RPK message may contain an address of 
decoder 401 as well as information needed to identify the 
channel to be viewed (all of which may be obtained from 
5 Motion Picture Experts Group U MPEG" system and program 

information already processed by the insecure processor) . 
The RPK request may be encrypted, if desired, for non- 
repudiation and prevention of denial of service attacks, 
such as IPPV or VOD requests for example. 

10 Upon receipt of the RPK message, headend 410 accesses 

entries of an access control list (listing each 
entitlement of decoder 401) and verifies decoder 401 is 
authorization to receive a particular Service Key. If 
authorized, headend 410 sends the Service Key (encrypted 

15 using the Unique Key contained in storage element 450 
located in the descrambler IC) to decoder 401. 

Figure 5 provides a more detailed illustration of 
decoder 4 01 of Figure 4 adapter to headend 410 for request 
and receipt of the Service Key. According to one 

20 embodiment of the invention, program data 500 such as an 
Entitlement Control Message (ECM) or meta-data associated 
with an Electronic Program Guide (EPG) is provided to 
decoder 4 01 by a service provider. The program data 5 00 
is adapted to convey at least an identifier of the desired 

25 channel or service (referred to as "Channel or Service 
ID") . In the event that program data 500 is an IPPV or 
VOD program, program data 50 0 may further include a 
Program identifier (Program ID) . 

An MPEG Demultiplexer 510 operates as a message 
30 processor to extract the Channel or Service ID. The 

Channel or Service ID are routed to processor 430, which 
in combination with transmitter/receiver logic 520 
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generates the RSK message 421 for routing to headend 410 
over return channel 421. 

In response, the requested Service Key (SK) in an 
encrypted format is received by the transmitter/receiver 
5 logic 520, which provides the SK to processor 430. 

Processor 430 may store the SK in a memory 435 and/or 
provide the SK to descrambler IC 440 for descrambling 
incoming scrambled content in real-time. For instance, 
memory 43 5 is an optional component for use if it is 
10 desirable to storage the SK locally. 

Upon receiving the scrambled content of the program 
data, descrambler IC 440 descrambles such content, which 
is subsequently supplied to MPEG decoder 53 0 if the 
content is compressed with a MPEG format. MPEG decoder 
15 53 0 decompresses the digital content and subsequently 
routes the decompressed digital content to either a 
digital-to-analog (D/A) converter for display on a 
television, or a Digital Video Interface (DVI) link. 

As shown, processor 43 0, memory 43 5, descrambler IC 
20 440, MPEG Demultiplexer 510, transmitter/receiver logic 

52 0 and MPEG decoder 53 0 may be implemented on two or more 
integrated circuits interconnected through bus traces or 
another communication scheme (e.g., wires, optical fiber, 
etc.). Alternatively, these components may be implemented 
25 on a single integrated circuit. 

In this embodiment, the SK may be valid for a certain 
period of time. Decoder 401 may store the SK in memory 
435, allowing decoder 401 to re-access the service with if 
SK is still valid without having to request that Service 
3 0 Key again. In this embodiment, the SK is stored in 

encrypted form (as it comes over the network from headend 
410) in memory 435. 
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The SK may be valid for the duration of a program or 
it may be valid for a selected period of time, e.g. 6 
hours. Using a key for a longer period of time will 
reduce the overall number of transactions between decoder 
5 4 01 and headend 410 because, once SK is stored in memory 
435 of decoder 401, it is readily available. Depending on 
the duration of the current Service Key (e.g., SK) , the 
next Service Key (SK nex t) may be delivered along with the 
SK. Alternatively, decoder 401 may request the SK ne xt after 
10 detecting the end of the SK 7 s valid Epoch (e.g., time 
duration of the SK) . In different embodiments, the 
Service Key may be valid for a duration of a user's 
subscription period. 

Services can be sold a-la-carte or sold as a package. 
15 There may be several tiers of services, each identified by 
a Service ID. For example, there may be a basic tier of 
services, a medium tier offering more services, and 
advanced tiers offering different premium services. Each 
incremental tier of services may be given a separate 

2 0 Service Key. 

In summary, decoder 401 of Figure 4 comprises a 
Descrambler IC 240 with a Unique Key loaded during IC 
manufacturer or creation of decoder. Service Keys are 
delivered to decoder 4 01 encrypted by the Unique Key and 
25 stored in encrypted form in decoder 401. Alternatively, 
decoder 401 could request a Service Key each time that 
decoder 401 tunes to a channel without storing the Service 
Key(s} locally. 

The entitlements normally held by the secure 

3 0 cryptographic processor of Figure 2 are held by the 

controlling authority such as a key server in headend 410 
of Figure 4 for example. Processor 430 in decoder 401 may 
receive a message (e.g., an ECM or an EMM), which tells it 



080398P558D 



-21- 



Sony IPD No. 50S5303.02 



what it is authorized to descramble so that it may 
properly display viewing options to a viewer. Processor 
430 can then request Service Keys for selected channels. 

There is no embedded "secure" firmware or software. 
5 Using the hardware decryption circuit mentioned above, an 
embedded processor core or firmware that performs a 
cryptographic function is not needed. This enables a 
number of conditional access applications, which may be 
downloaded to the insecure processor. The Service Key is 
10 unit key encrypted. It may be a public asymmetric key or 
secret symmetric key. 

Additional advantages include Pay-TV applications 
without using a cryptographic processor by providing 
decoder 401 having Descrambler IC 440 with Unique Keys 
15 hardwired therein. Decoder 401 can request a Service Key 
or Descrambling key from a network provider. Local access 
control can be performed by processor 43 0 because the 
critical "secure" function is isolated in Descrambler IC 
440 . 

2 0 Referring now to Figure 6A, a third exemplary 

embodiment of a secure content delivery system 600 is 
shown. Secure content delivery system 600 comprises a 
subscriber management system 610, a Conditional Access 
(CA) control system 620, a plurality of mating key servers 

25 associated with different set-top box manufacturers 630i- 

630 N (N_>2) and a set -top box 640 adapted to receive a smart 
card 650. Smart card 650 communicates with a descrambler 
IC 660, which includes local memory 670 configured to 
store a unique key (referred as "Unique Key") 680 of set- 

30 top box 640. Unique Key 680 is loaded during IC 
manufacturer or creation of set-top box 640. 

Once a user of set-top box 640 desires to receive 
particular program data, set-top box 640 determines 
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whether entitlements associated with the requested program 
data are already stored therein. If the entitlements are 
not stored, the user may be notified by a screen display 
and prompted to issue a request 611. Request 611 may be 
5 provided by the user via (i) an out -of -band communication 
pathway (e.g., electronic mail over the Internet, 
telephone call by the user, etc.) or (ii) an in-band 
communication pathway to CA control system 62 0 in 
communication with set -top box 640 as shown. 
10 Alternatively, request 611 may be sent automatically or 
may be routed to CA control system 62 0 which performs a 
lookup of information to authorize the user substantially 
in real time. 

For one embodiment, request 611 is a message that 
15 comprises an identifier (e.g., an alphanumeric , or 

numeric code) of the requested content, a serial number of 
set-top box (referred to as "STB Serial Num" ) and/or an 
identifier of smart card 650 (referred to as "Smart Card 
ID"). Implemented as any information processing system 
20 (e.g., server, relay station or other equipment controlled 
by a service provider or service provider) , subscriber 
management system 610 processes request 611 and determines 
what entitlements are to be provided to set-top box 640. 
Although not shown, it is contemplated that CA control 

2 5 system 62 0 could be configured to perform a lookup of 

databases containing serial numbers of set -top boxes or 
smart card IDs, thereby eliminating access to subscriber 
management system 610. 

Upon receiving an authorization (AUTH) message 612 

3 0 from subscriber management system 610, which may include 

the STB Serial Num and perhaps global keys (e.g., keys 
used to decrypt ECMs sent in-band with the content) , CA 
control system 62 0 routes STB Serial Num 641 and a mating 
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key generator 621 to at least one of the mating key 
servers 6301..., or 630 N (generally referred to as "mating 
key server 6301," where ij>l) . CA control system 620 
operates as an intermediary to coordinate delivery of a 
5 mating key 622 that is used to recover digtal content from 
downloaded, scrambled content. CA control system 62 0 may 
be implemented as a headend, a broadcast station, a 
satellite uplink or the like. 

Alternatively, instead of CA control system 620 
10 routing mating key generator 621 and STB Serial Num 641 to 
a mating key servers 630i-630 N , it is contemplated that 
such information may be sent to a trusted third party 63 5, 
which maintains and controls access to databases featuring 
mating keys. The values associated with mating key 
15 generator 621 and/or STB Serial Num 641 are used to 

retrieve mating key 622. "Trusted third party" 635 may 
include, but is not limited or restricted to a 
governmental entity, a company independently managed from 
any manufacturer, or the like. 

20 Prior to transmission of STB Serial Num 641 and 

mating key generator 621, CA control system 62 0 may 
perform an authentication scheme with a selected mating 
key server, such as server 630i, in order to establish a 
session key between CA control system 620 and mating key 

25 server 630 x . Of course, the authentication scheme would be 
performed with trusted third party 635 if implemented in 
lieu of mating key server 630i. The session key can be 
used to encrypt information exchanged between the parties 
in order to provide a secure link there between. Examples 

3 0 of various types of authentication schemes include an 

exchange of digital certificates, digital signatures, hash 
values or the like. 
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As shown in Figure 6B, mating key generator 621 is a 
message that comprises one or more of the following: a 
Set -Top-Box Manufacturer identifier (STB Manufacturer ID) 
623, a Service Provider ID 624, a conditional access (CA) 
5 Provider ID 625 and a Mating Key Sequence Number 626. Of 
course, the size (in bits) of these values/fields can be 
varied. 

For this embodiment, U STB manufacturer ID" 623 is a 
predetermined value that identifies a manufacturer of set- 

10 top box 640. Of course, it is contemplated that STB 
manufacturer ID 623 is optional, depending on the 
particular arrangement of STB Serial Num 641. "Service 
Provider ID" 624 is a value (e.g., one or more bits such 
as 16 -bits) that identifies the communications system 

15 provider as well as the selected distribution mechanism. 
For example, Service Provider ID 624 may identify which 
cable , satellite , terrestrial or Internet company is 
supplying the requested program data and/or the particular 
head-end server of that company. "CA Provider ID" 62 5 

20 indicates the provider of CA control system 620. "Mating 
Key Sequence Number" 626 is used for reordering packets of 
information if mating key 622 is more than one packet in 
length, and in certain systems, may also be used to 
indicate expiration of mating key generator 621. 

25 Referring back to Figure 6A, STB Serial Num 641 may 

have a unique portion for each STB Manufacturer ID 62 3 in 
order to identify mating key server 630i,..., or 630 N (or 
database of trusted third party 635) to which access is 
sought. Alternatively, STB Serial Num 641 may be expanded 

30 to include a serial number of set-top box 640 as well as a 
code field to identify the manufacturer of that set- top 
box 640. Of course, the number of bits is a design 
choice . 
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Upon receipt of mating key generator 621 and STB 
Serial Num 641, the appropriate mating key server (e.g., 
server 630i, where i_>l) returns mating key 622. In this 
embodiment, mating key 622 is used to encrypt a 
5 descrambling key needed to descramble scrambled content 
being sent to set-top box 640. More specifically, mating 
key server 630i accesses a pre-stored key being an 
identical copy of Unique Key 680 and encrypts mating key 
generator 621 using the accessed key. This produces a key 

10 equivalent to mating key 622. Alternatively, it is 

contemplated that mating key generator 621 may undergo a 
one-way hash operation in which the result is encrypted or 
only a portion of mating key generator 621 may be 
encrypted to produce mating key 622 . A similar operation 

15 needs to be repeated, however, within descrambler IC 660. 

Upon receipt of mating key 622, CA control system 620 
generates an entitlement management message (EMM) 64 8 
along with one or more ECMs 642 sent to smart card 640. 
One embodiment of EMM 648 is illustrated in Figure 6C. 

20 As shown in Figure 6C, EMM 648 comprises at least two 

of the following: Smart Card ID 643, length field 644, 
mating key generator 621, "M" (M>_1) key identifiers 645i- 
645 M and keys 646i-646 M associated with key identifiers 
645i-645 M , respectively. Of course, other entitlements 647 

25 may be included in EMM 648. Also, it is contemplated that 
mating key generator 621 may be excluded from EMM 648 and 
sent separately and generally concurrent with EMM 648. 

In particular, with respect to Figure 6C, smart Card 
ID 643 is a bit value that is used to indicate a 
3 0 particular set -top box and perhaps the manufacturer of the 
set-top box. "EMM length field" 644 is a bit value that 
is used to indicate the length of EMM 648. Mating key 
generator 621 , as shown, is a bit value that includes the 
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parameters forth above in Figure 6B . Each w key- 
identifier" 645i-645 M is a 16-bit entitlement tag value 
that is signed for use in checking whether keys 646i-646 M 
have been illicitly altered. Keys 646 x -646m are used to 
5 decrypt ECMs 642 used to deliver access requirements and 
at least one descrambling key in an encrypted format. 

Smart card 650 receives EMM 64 8 and forwards mating 
key generator 621 and an encrypted descrambling key 651 
recovered from ECM 642 to descrambler IC 660 of set-top- 
10 box 640 as described in Figures 7A-7C. 

Figure 7A is a first exemplary embodiment of 
descrambler IC 660 implemented within set-top box 640 of 
Figure 6A. On receipt of mating key generator 621 and 
encrypted descrambling key 651 from smart card 650, 

15 descrambler IC 660 comprises a first process block 661 
that performs an encryption operation on mating key 
generator 621 using Unique Key 680 stored in descrambler 
IC 660. The encryption operation may be in accordance 
with symmetric key cryptographic functions such as DES, 

20 AES, IDEA, 3DES and the like. The U DES" operation is 
shown merely for illustrative purposes. 

The encryption operation on mating key generator 621 
produces a key 663 identical to mating key 622, which is 
loaded into a second process block 664. Process block 664 

25 is used to decrypt encrypted descrambling key 651 to 

produce a descrambling key 665. Descrambling key 665 is 
used for descrambling scrambled content 666 loaded into 
set-top box 640 and in particular descrambler IC 660. 
Descrambling may include performance of 3DES operations on 

30 scrambled content 666 . The result is content in a clear 
format, which may be transmitted from descrambler IC 660 
and subsequently loaded into a MPEG decoder as shown in 



080398P558D 



-27- 



Sony IPD No. 50S5303.02 



Figure 5 or optionally into a D/A converter, or DVI 
Interface . 

It is contemplated that process blocks 661 and 664 
may be altered to support decryption and encryption 
5 respectively, depending on how mating key 622 is 
formulated. 

Figure 7B is a second exemplary embodiment of 
descrambler IC 660 implemented within set-top box 640 of 
Figure 6A. The descrambling is in accordance with 3DES 
10 with 2 keys. As set forth in Figure 7A, descrambler IC 
660 comprises a first process block 661 that performs an 
encryption operation on mating key generator 621 using 
Unique Key 68 0 . 

The encryption operation on mating key generator 621 
15 produces key 663, which is identical to mating key 622. 

The key 663 is loaded into two DES process blocks 664 x and 
664 2 . Process block 664i is used to decrypt a first 
encrypted descrambling key 652 to produce a first 
descrambling key (DK1) 665i. Process block 664 2 is used to 
20 decrypt a second encrypted descrambling key 653 to produce 
a second descrambling key (DK2) 665 2 . DK1 665i and DK2 
665 2 are used by a low-level 3DES descrambling logic 667 
for descrambling scrambled content 666. 

Of course, it is further contemplated that process 
25 block 661 may be configured to support 3DES with multiple 
keys as shown in Figure 7C . For this embodiment , multiple 
mating key generators 62 li and 62 1 2 are provided by smart 
card 650 to produce two keys 663i and 663 2 that are 
provided to process blocks 664 x and 664 2 , respectively. 
30 These process blocks 664 x and 664 2 produce descrambling 
keys 665i and 665 2 that are used by a low-level 3DES 
descrambling logic 667 for descrambling scrambled content 
666 . 
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As illustrated in Figure 7C, a first mating key- 
generators 62 li may be configured as mating key generator 
621 of Figure 6B . However, a second mating key generators 
62 1 2 may be configured to authenticate copy protection 
5 parameters placed into key 663 2 . For instance, second 
mating key generators 62 1 2 may comprise a copy control 
information (CCI) field that provides copy controls and a 
content identifier field that identifies incoming content 
to which the copy controls are applied. For instance, the 

10 CCI field may identify that the content cannot be copied 
for persistent storage or may be copied a certain number 
of times (once, twice, etc.) . The CCI field may be used 
to identify the number of times that the content can be 
played back or sets prescribed viewing times for such 

15 content. 

The second mating key generators 62 1 2 may further 
comprise a Content ID field including a value that 
identifies the digital content associated therewith and 
may include data to manage validity/expiration of the 

20 digital content. The second mating key generators 621 2 may 
further comprise a Copy Generation Number field including 
a value that identifies the number of times the digital 
content can be copied. Of course, to reduce the size of 
the fields, multiple parameters may be hashed and stored 

25 in the fields. 

Referring now to Figure 8, a fourth exemplary 
embodiment of a secure content delivery system 700 is 
shown. Secure content delivery system 700 comprises 
subscriber management system 610, CA control system 620, a 
30 mating key gateway 710, mating key servers 630i-630 N and 
set-top box 640. In lieu of transmitting mating key 
generator 621 and STB Serial Num 641 from CA control 
system 620 to mating key servers 630i-630 N as shown in 
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Figure 6A, such information may be routed to mating key 
gateway 710. Mating key gateway 710 accesses the STB 
Manufacturer ID 623 of Figure 6B from mating key generator 
621 and appropriately routes mating key generator 621 and 
5 STB Serial Num 641 to a selected mating key server 630i. 
This reduces the amount of processing time by CA control 
system 620 or servers 630i-630 N to recover mating key 622. 

Alternatively, instead of mating key gateway 710 
routing mating key generator 621 and STB Serial Num 641 to 

10 the selected mating key server 6301, it is contemplated 

that such information may be routed to trusted third party 
635, which accesses a targeted database for retrieval of a 
mating key. The database selected for retrieval of mating 
key 622 is based on values associated with mating key 

15 generator 621 and/or STB Serial Num 641. For instance, 

each database may be accessible over a range of addresses 
based on values associated within mating key generator 621 
and/or STB Serial Num 641. These values are used to 
identify the targeted database. 

2 0 Figure 9A is a fifth exemplary embodiment of a secure 

content delivery system 800. Secure content delivery 
system 800 comprises subscriber management system 610 and 
a CA control system 810, a plurality of mating key servers 
630i-630 N associated with different set-top box 

25 manufacturers, a set-top box 820, a mating key gateway 830 
(similar to gateway 710 of Figure 8) , and a network 
interface 840 (e.g., DOCSIS CMTS) . Set-top box 820 
comprises a descrambler IC 860 including local memory 870 
configured to store a unique key 880 (referred to as 

30 "Unique Key") of set-top box 820. The Unique Key 880 is 
loaded during IC manufacturer or creation of set-top box 
820 . 
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Set -top box 82 0 receives electronic program guide 
(EPG) meta-data with the EPG in an unscrambled format and 
receives digital programming content 850 in a scrambled 
format. In one embodiment, EPG meta-data 900 is provided 
5 out-of-band by CA control system 810. As shown in Figure 
9C, one embodiment of EPG meta-data 900 includes multiple 
tag entries 910i-910 s (S>a) for different types of content 
provided by a service provider. Each tag entry 910 j 
(l<.j<_S) comprises at least a channel name 920j, a name of 

10 the content 930j, and a key identifier 940j indicating the 
tier of service associated with the channel. In addition, 
each tag entry 910j further comprises a program identifier 
(PID) 950j and a mating key generator (MKG) 960j . Meta- 
data 900 is used to provide a mating key generator (e.g., 

15 mating key generator 621) and key identifier (s) for 
verification of the keys provided in the EMM 885. 

Referring back to Figure 9A, once a user of set-top 
box 820 desires to receive particular type of content 
(e.g., PPV movie, broadcast channel, etc.), set-top box 

20 820 determines whether entitlements associated with the 
requested content are already stored therein. If the 
entitlements are not stored, the user may be notified 
directly through a screen display or audio playback and 
prompted to provide a request 811 to subscriber management 

25 system 610 (or CA control system 810) . Alternatively, the 
request 811 may be sent automatically without user 
control. Request 811 may be provided out-of-band (e.g., 
telephone call or e-mail over Internet via DOCSIS) as 
shown, or in-band to subscriber management system 610. 

30 As shown for this embodiment, upon receiving an 

authentication message 815 from subscriber management 
system 610, including STB Serial Num 831 and entitlements 
(or looking up STB Serial Num 831 at CA control system 
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810) , CA control system 810 routes STB Serial Num 831 and 
mating key generator 832 to mating key gateway 830. 
Mating key gateway 830 operates as an intermediary to 
coordinate delivery of mating key 833 that is used to 
5 extract the requested content from downloaded, scrambled 
information. Of course, CA control system 810 may perform 
an authentication scheme with mating key gateway 830 in 
order to establish secure communications there between. 

Upon receipt of mating key 833, CA control system 810 
10 generates one or more entitlement management message (EMM) 
885. No ECMs are provided; only channel keys over EMM 885 
for example. One embodiment of EMM 885 is illustrated in 
Figure 9B . 

As shown in Figure 9B, EMM 885 comprises at least two 
15 of the following: STB Serial Num 831, EMM length field 
842, mating key generator 832, "M" (M>1) key identifiers 
844i-844 M and encrypted service keys 846i-846 M associated 
with key identifiers 844i-844 M , respectively. Of course, 
other types of entitlements besides identifiers or service 
20 keys may be included in EMM 885 and the size (in bits) of 
these values can be varied. Also, it is contemplated that 
mating key generator 832 may be excluded from EMM 885 and 
sent separately and generally concurrent with EMM 885. 

STB Serial Num 831 is a value that is used to 
25 indicate a particular set-top box and perhaps the 

manufacturer of the set- top box. "EMM length field' 7 842 
is a bit value that is used to indicate the length of EMM 
885. Mating key generator 832, as shown, is a bit value 
that includes the parameters forth above in Figure 6B . 
30 Each "key identifier" 844i~844 M is a 16-bit value that 
indicates a tier of service associated with a 
corresponding encrypted service key 846i-846 M/ 
respectively. The encrypted service keys 846i-846 M are 
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decrypted by a key produced within descrambler IC 860 that 
corresponds to mating key 833 of Figure 9A. 

Figure 10 is a first exemplary embodiment of 
descrambler IC 860 implemented within set-top box 820 of 
5 Figure 9A. On receipt of mating key generator 832 and 
encrypted service keys 846j (l<j<M) included in EMM 885, 
descrambler IC 860 comprises a first process block 861 
that performs an encryption operation on mating key 
generator 832 using Unique Key 880 previously stored in 

10 descrambler IC 860. The encryption operation may be in 

accordance with symmetric key cryptographic functions such 
as DES, AES, IDEA, 3DES and the like. Of course, it is 
contemplated that process block 861 may be altered to 
perform a hashing function in lieu of an encryption 

15 function. 

The encryption operation on mating key generator 832 
produces a key 863 that is identical to mating key 833. 
Key 863 is loaded into a second process block 864 that is 
used to decrypt the encrypted service key 84 6 j to recover 

20 the service key used to descramble scrambled content 850 
loaded into set-top box 840 and in particular the 
descrambler IC 860. Descrambling may include performance 
of 3DES operations on the scrambled content. The result 
may be content in a clear format, which is transmitted 

25 from descrambler IC 860 and subsequently loaded into a 

MPEG decoder as shown in Figure 5 or optionally into a D/A 
converter, or DVI Interface. 

Referring now to Figure 11, a portion of a sixth 
exemplary embodiment of a secure content delivery system 
30 900 is shown. In lieu of subscriber management system 610 
and CA control system 810 of Figure 9A, mating key gateway 
83 0 may be adapted for communications with a plurality of 
subscriber management systems (SMS) 910i-910 K (K>1) each 
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associated with a different service provider. Each of 
these subscriber management systems 910 1 -910 K supply mating 
key generators and STB Serial Nums 920i-920 K to mating key 
gateway 83 0 and, in return, receive corresponding mating 
5 keys 930i-930 K . These mating keys 930i-930 K are used to 

encrypt service keys provided to one or more targeted set- 
top boxes (not shown) . Alternatively, trusted third party 
635 may be utilized as shown in Figures 6A, 8 and 9A. 

For example, for this illustrated embodiment, 
10 subscriber management systems 910i and 910 2 are terrestrial 
broadcasters, each providing mating key generators and STB 
Serial Nums 920i, 920 2 to mating key gateway 830 and 
receiving corresponding mating keys 930i, 930 2 . Similar in 
operation, subscriber management systems 910 3 and 910 4 are 
15 cable operators, subscriber management system 910 5 is a 
direct broadcast satellite (DBS) company, and subscriber 
management systems 910 K -i and 910 K are Internet content 
sources . 

Referring to Figure 12, a portion of a seventh 
2 0 exemplary embodiment of a secure content delivery system 
1000 is shown. A set-top box 1010 of the system 1000 
receives scrambled or encrypted content 1020 from a first 
source and an entitlement management message (EMM) 104 0 
from a second source. The second source may be a smart 
2 5 card or a CA control system. 

In accordance with one embodiment of the invention, 
EMM 1040 comprises a copy protection key generator (CPKG) 
1042 and an encrypted user key 1041. As shown in Figures 
12 and 13, encrypted user key (E key ) 1041 is a value that 
30 is calculated to generate a copy protection key 1035 in 

descrambler IC 1030 when E key 1041 is decrypted by a unique 
key ( "Unique Key" ) 1031 or a derivative thereof. Unique 
Key 1031 is loaded during IC manufacturer or creation of 
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set-top box 1010. Copy protection key 1035 is shared with 
other devices, such as another set -top box 1070, a 
portable computer (e.g., PDA) 1071, or even a portable 
jukebox 1072, for decryption purposes. 

5 As shown in Figure 14, CPKG 1042 comprises STB 

manufacturer ID 1050, System ID 1051 to identify a system 
that provides EMM 1040 (e.g., similar to CA Provider ID 
625 of Figure 6B) Content Provider ID 1052 to identify the 
provider of the digital content (e.g., similar to Service 

10 Provider ID 624 of Figure 6B) , and CP Sequence Number 1053 
being generally equivalent in purpose to Mating Key 
Sequence Number 626 of Figure 6B. In addition, CPKG 1042 
includes a Copy Protection Status value 1054 that provides 
content management controls such as whether or not the 

15 incoming content can be copied, number of times for 
playback, or date/time of playback. 

Referring back to Figure 13, an embodiment of the 
descrambler IC 1030 receives E key 1041, CPKG 1042 and an 
encrypted descrambling key 1043 from the second source. 

20 CPKG 1042 is substantially equivalent to mating key 

generator 832 of Figure 9A. Descrambler IC 1030 comprises 
a first process block 1032 that decrypts Ek ey 1041 with 
Unique Key 1031 in accordance with symmetric key 
cryptographic functions such as DES , AES , IDEA, 3DES and 

25 the like. 

The decryption operation on Ekey 1041 recovers the 
user key 1033, which is loaded into a second process block 
1634 that is used to encrypt CPKG 1042 to produce copy 
protection key 1035. Encrypted descrambling key 1043 is 
3 0 decrypted using Unique Key 1031 (or derivative thereof) to 
recover the descrambling key is a clear format for 
descrambling and/or decrypting the encrypted content 102 0 
loaded into set-top box 1010 and in particular descrambler 
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IC 1030. Descrambling and/or decrypting may include 
performance of 3DES operations. 

As a result, the content is temporarily placed in a 
clear format, but is routed to low-level encryption logic 
1060, which encrypts the descrambled content with copy 
protection key 1035 associated with any or all of the 
destination digital devices. As a result, the content is 
secure during subsequent transmissions. 

In the foregoing description, the invention is 
described with reference to specific exemplary embodiments 
thereof. It will, however, be evident that various 
modifications and changes may be made thereto without 
departing from the broader spirit and scope of the present 
invention as set forth in the appended claims. The 
specification and drawings are accordingly to be regarded 
in an illustrative rather than in a restrictive sense. 



